The Future Ain’t Homogenized: Please Stop the FUD Vendors

In recent weeks we’ve had perfect examples of people preaching perspectives from both ends of the cloud dogma spectrum.

First up comes JP Rangaswami, Chief Scientist at Salesforce who proclaimed that the concept of private cloud was essentially flawed.

In discussing the term Rangaswami contended that private cloud doesn’t deliver the scalability and flexibility that organizations need to survive in the modern age.

He said that:

"Whenever anyone uses that phrase to you, just ask them who are you sharing costs with. If all the costs you’re sharing are just with you, you’re just kidding yourself, it ain’t a cloud."

On the other end of the spectrum, and in an unfortunate and ill advised reaction to a recent outage that Amazon Web Services suffered, PistonCloud, the vendor building OpenStack powered private clouds, came out saying that the AWS outage proves once and for all that it’s better to own than to rent.

In a statement that is reminiscent of McCarthyism at it’s worse, Gretchen Curtis from PistonCloud tells us that:

"The Amazon Web Services outage last night highlights the largest risk to betting on public cloud: you don’t own it. Any of it. Which means you’re at the whim of whatever vendor you have entrusted to protect it. How much do you really know about where your data and applications are being housed?"

There are two distinct responses to these dual statements – the first answers PistonCloud’s specific economic arguments for private cloud as a sole strategy, which the second takes a bigger picture look at the debate. So here goes…

The Economic issues

The PistonCloud argument is split into four distinct areas;

It’s cheaper to own than to rent

A public cloud vendor doesn’t care about individual customers

Public cloud risks intermingling data between tenants

With public cloud there is less chance of investment in the infra – there’s no “equity to build”

Over on the HP blog, Rafal Los has done an awesome job of discounting these assertions – but here’s my take anyway:

Cheaper to own than to rent. Maybe it is, but have you really taken into account all the financial factors – human resources, heating and cooling, general operational costs etc etc.

And even if, at the end of the day, it does prove slightly cheaper to own your hardware than to rent it, the fact is that if in doing so you have to spend time focusing on technology when you could be instead focusing on your core business, then that cost saving pales into insignificance when compared to the real value that pure focus can bring.

The cost issue is a complete red herring but for those who want to delve into the economics of the cloud, then this report is for you

Public cloud vendors don’t care. PistonCloud, are you out of your freaking mind? AWS, Rackspace, and all the other cloud vendors live and die by recurring revenue. They absolutely have no option but to care deeply for their customers.

In the case of on-premise IT? Meh, once the servers have been bought, racked and stacked then the organization is locked in – what better recipe for an IT provider (internal or external) to give up caring about their vendor?

The intermingling bogey. I had this argument recently with Chris Hoff. I accept that conceptually and from an absolutism perspective that there is a potentially greater risk from multi tenant than single tenant infrastructure. But this is conceptually. Now lets get to the real world – why does data loss happen?

Because people have passwords written on PostIt notes on their laptop, or because the security on the on-premise data center is shoddy, or because an organization can’t afford the best infosec operatives. I challenge anyone to give me a concrete example where a customer of a public cloud provider of repute has suffered a loss because of multitenancy.

No equity to build. FFS – servers don’t appreciate in value. they get bought, they get deployed (maybe) and they depreciate until they’re decommissioned. if an organization thinks of their servers as a core piece of the equity of their business… well hell, they should go into the public cloud computing game. This is just dumb

The Public is better/Private is better debate

Anyone who jumps up on their soapbox preaching dogmatically that the future is either stark black or stark white is wrong. Cloud is about business outcomes, the only world in which one type of cloud would rule all would be a world in which all businesses were carbon copies of each other – with the same drivers, the same risks, the same pressures and focuses.

The reality is very different, one type of cloud (along with one type of employee, one type of office set up, one type of, well, everything) does not fit every business. Buddy Rafal puts it into perspective when he says that:

"If you’re going to have a cloud strategy you need to have a pragmatic approach which has you doing your due diligence, proper risk analysis, and understanding your cloud vendor. If your provider fails… do you have a strategy? If you’ve transformed all those applications of yore to cloud applications then the answer should be yes, and your applications should be resilient across multiple clouds, vendors and environments… this is the magic of cloud."

The future is one where organizations use infrastructure, platforms, applications and whatever else of lots of different flavors – take some public infra, mix it with some legacy infra for those ancient workloadsand throw in a bit of private cloud for when you want it.

A little CloudFoundry, some Heroku if you like and cloud applications from a million and one different vendors – while that is a complex scenario, it’s one that actually matches technology to particular business outcomes – and that is the way IT SHOULD be.

Cloud godfather and founder of enStratus, George Reese puts it correctly when he says:

"The bottom line is that nothing Piston Cloud offers will protect you from what happened with AWS this week. What will help is a redundant architecture that ideally spans multiple clouds. A private cloud may be PART of that approach, but it isn’t the answer to the outage this week… Unless you think you never will experience an outage in your own data center. In which case, you probably are the ideal Piston Cloud customer–a dupe."

Now anyone who doesn’t know Reese might suggest that his comment is self service. Of course anyone who knows and respects him realizes that the very reason his company exists is because he innately understands that this is the future. There is no black and white in the IT world of the future. Rather it is a complex amalgam of heterogeneous solutions…

Summary

We all, commentators, vendors and customers, need this cloud thing to happen safely and consistently. Dogmatic messages like these ones do nothing to increase the comfort level of prospective or actual cloud customers.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.